Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

edolen1

Posted 14 May 2005 - 05:08 AM

edolen1

Member

Topic Starter

Member

14 posts

Resisted:

Positive identification: Trojan.Win32.Agent.cp3
File: c:\windows\system32\fvzbtiv.exe
^^ First it told me it had to end it as a process, when it did, it told me it was unable to delete. I told it to delete once again, this time it was successful, but another process with a similarly random name appeared in the process list.

Check the following items in HijackThis.Close all windows except HijackThis and click Fix checked:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O4 - HKLM\..\Run: [cvhrqqz] c:\windows\system32\fqmhak.exe <= check the place where this is in the log. If it has been replaced fix the replacing entry and find the file it points to. Delete that file.

Metallica

Posted 15 May 2005 - 03:36 AM

Metallica

Spyware Veteran

GeekU Moderator

32,258 posts

Good job.

That part seems under control. Now there is an empty service left to deal with:O23 - Service: .netnl - - (no file)

Click Start > Run type services.msc > OKIn the list of services find:.netnlRightclick that line and choose Properties.On the General tab Stop and set the service to disabled.In HijackThis click Config > Misc Tools > Delete an NT serviceIn the dialog box paste: .netnl